ZexRail Docs
Sign In

Authentication

Authenticate your requests to the ZexRail API

API Key Authentication
Use bearer tokens to authenticate API requests

All API requests must include your API key in the Authorization header as a Bearer token.

curl -X GET "https://api.zexrail.com/v1/agents" \
  -H "Authorization: Bearer sk_test_xxxxxxxxxxxxxxxx"

Header Format

Authorization: Bearer <your_api_key>
Environment Separation
Sandbox and production environments are completely isolated
warning

Test Environment

  • • API prefix: sk_test_
  • • Base URL: api.sandbox.zexrail.com
  • • No real money movement
  • • Test agents and settlements
success

Live Environment

  • • API prefix: sk_live_
  • • Base URL: api.zexrail.com
  • • Real settlements executed
  • • Audit logging enabled

Never use production keys in development

Always use sandbox keys during development and testing. Production keys should only be used in secure production environments.

Environment Variables
Store your credentials securely
# .env.local
ZEXRAIL_API_KEY=sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ZEXRAIL_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SDK Authentication
Using the ZexRail SDK handles authentication automatically
import { ZexRailClient } from '@zexrail/sdk';

// Initialize with API key
const client = new ZexRailClient({
  apiKey: process.env.ZEXRAIL_API_KEY,
  environment: 'sandbox', // or 'production'
});

// Client automatically includes auth headers
const agents = await client.agents.list();
Key Management
Managing your API keys

Sandbox API Key

sk_test_••••••••••••••••••••••••
success

Production API Key

Not yet configured. Enable production access in settings.

Key rotation best practices:

  • • Rotate keys every 90 days
  • • Use separate keys for different services
  • • Monitor key usage in the dashboard
  • • Revoke unused keys immediately